Conventional data security applications employ access based or content based approaches. Access based approaches, such as password systems, firewalls, and physical network segregation, prevent access via electronic or physical means. Content based approaches, in contrast, focus on the content of the data and preventing sensitive content from dissemination, while not necessarily affecting the underlying connection or communication mechanism. Content based approaches include, for example, encryption, which renders data in an unintelligible form to unintended recipients, and filters, which selectively modify or overwrite packets, such as web browser “parental controls” which scan for certain keywords in the web page data portions.
Content based approaches are more granular than their access based counterparts, since the content based approach allows selective restriction of certain transmissions, rather than absolutely denying all access. However, content based approaches compute, or determine, permissible transmission according to a predefined criteria. Such computations may incorporate a degree of error, either permitting undesirable transmissions, or inadvertently blocking acceptable transmissions. Further, since content based approaches examine the transmission stream in real time, throughput performance may be affected. Also, effectiveness of a content based solution typically depends on a user or operator effectively defining or enumerating the predefined criteria for determining the appropriateness of a particular transmission.
Such a conventional data security mechanism is often employed to control access to a protected resource, such as a database (DB). Typical conventional database applications operate on a relational database employing a query language such as the Structured Query Language (SQL), as is known to those of skill in the art. SQL is operable with relational databases particularly because it lends itself well to the table and row arrangement of the objects in the relational database. An SQL query is an English-like statement specifying particular tables and attributes in rows having certain values. Conditional statements, including Boolean comparisons of equality and range, identify certain rows, or records, in the queried tables, or objects. Further, a user specifies interrelations between the tables by specifying joins, as are known to those of skill in the art, which identify logical relations between rows, or records, of different tables based on the values in the records. The database returns data entries matching the access attempt in the form of a set of rows of data satisfying the query.